argument-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user input to formalize arguments and conduct research, creating a surface for indirect instructions.
- Ingestion points: User-provided 'argument text' processed in SKILL.md.
- Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands in the user input.
- Capability inventory: The skill executes
lean --stdinvia subprocess and spawns research subagents with web access. - Sanitization: Absent; user content is interpolated directly into logic structures and research prompts.
- Command Execution (LOW): The skill intentionally executes local commands (
lean --version,lean --stdin) to verify logical proofs. While this is the primary purpose of the skill, executing user-derived logic through a compiler/prover is a known but restricted execution path.
Audit Metadata